Executive order sets up new rules, taskforce to oversee classified information dissemination

In the wake of the WikiLeaks publishing of classified information in 2010 and other cybersecurity breaches, President Barack Obama today outlined a variety of new information security steps intended to prevent such disclosures in the future.

While there were, at least in theory, a multitude of security protections in place, Obama's executive order now adds a number of new layers. The Executive Order states:

Agencies bear the primary responsibility for sharing and safeguarding classified information, consistent with appropriate protections for privacy and civil liberties.

A Senior Information Sharing and Safeguarding Steering Committee will now have overall responsibility for fully coordinating interagency efforts and ensuring that Departments and Agencies are held accountable for implementation of information sharing and safeguarding policy and standards.

A Classified Information Sharing and Safeguarding Office will be created within the office of the Program Manager for the Information Sharing Environment to provide sustained, full-time focus on sharing and safeguarding of classified national security information. The office will also consult partners to ensure the consistency of policies and standards and seek to identify the next potential problem.

Senior representatives of the Department of Defense and the National Security Agency will jointly act as the Executive Agent for Safeguarding Classified Information on Computer Networks to develop technical safeguarding policies and standards and conduct assessments of compliance.

An Insider Threat Task Force will develop a government-wide program for insider threat detection and prevention to improve protection and reduce potential vulnerabilities of classified information from exploitation, compromise or other unauthorized disclosure. This will be led by Attorney General Eric Holder and Director of National Intelligence James Clapper.

"High priority is being placed on enhancing the auditing capabilities across US government classified networks. Planning is now under way to define policy and develop standards for collecting and sharing of audit and insider threat data, officials said in a statement.

While the statement today noted that there has been an ongoing effort to reduce cybersecurity problems such as clarifying and standardizing removable media policies and owners of classified systems are accelerating efforts to strengthen online verification and tracking of individuals logging on to classified systems, many problems remain. Just this week the congressional watchdogs at the Government Accountability Office said many federal agencies continue to struggle with IT security.

"Weaknesses in information security policies and practices at 24 major federal agencies continue to place the confidentiality, integrity and availability of sensitive information and information systems at risk. Consistent with this risk, reports of security incidents from federal agencies are on the rise, increasing more than 650% over the past five years," the GAO stated.

Cooney is an Online News Editor and the author of the Layer 8 blog, Network World's daily home for the not-just-networking news. He has been working with Network World since 1992. You can reach him at mcooney@nww.com.